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REMARKS 

Claims 1-15 and 17-26 were pending prior to amendment. 
Claims 16 and 27-30 have previously been cancelled. Claims 11, 
13, 14, 17, 20, 25, and 26 have been amendesd to correct 
typographical errors and alleviate possible antecedent basis 
issues. No new matter has been added* 

Claims 1-15 and 17-26 stand rejected under 35 U.S.C, 103(a) 
as allegedly being unpatentable over U-K. Patent Application GB 
2317792A to Minear et al . (^Minear") in view of the non-patent 
literature, "Implementing a Distributed Firewall'' to loannidis 
et al* ("loannidis'') . 

In view of the remarks herein, the applicant respectfully 
traverses the rejections and requests reconsideration for an 
ea^edited notice of allowance. 

Advisory Action of July 26, 2005 

The advisory action alleges that the request for 
reconsideration does not place the application in condition for 
allowance. Applicant respectfully traverses. 

The advisory action asserts that loannidis allegedly 
teaches ^^a sample policy that permits SSH (Secure Shell) data to 
be transmitted and processed by the KeyNote system (Figure 2, 
page 193),'' and chat "it is clear that encrypted SSH data can be 
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the payload of the IPsec traffic in the KeyNote system as 
disclosed by loannidis," However, loannidis does not support 
this allegation. The figure legend for Figure 2 of loannidis on 
page 193 states that ^The local policy allows a particular user 
(as identified by their public key) connect access to the telnet 
port by internal address, or to the SSH port from any address. 
That user then delegates to two other users (keys) the right to 
connect to SSH from one specific address** Thus, loannidis 
teaches that users can be allowed connection to the SSH port 
based on the KeyNote credential, and does not teach or even 
suggest that SSH data can be the payload of the IPsec traffic. 

Further, loannidis explicitly teaches that "We make use of 
the IPsec stack in the OpenBSD system to authenticate users, 
protect traffic, and distribute credentials" {page 191, l" full 
paragraph and similarly on page 196, section 4.4). IPsec 
traffic carrying the KeyNote credentials must be decrypted 
before the Keynote credentials can be passed to the local host, 
which are then used to determine if the user is allowed to 
connect to the SSH port. Thus, SSH is not the payload of the 
IPsec traffic. In fact, loannidis is silent to the steps of 
decrypting the IPsec traffic, and thus does not teach a separate 
decrypting forwarding element as recited in claim 1. 
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The advisory action also alleges that '^It would have been 
obvious to one of ordinary skill in the art to decrypt the SSH 
payload in the IPsec traffic in a separate decrypting element 
(e.g> the host being protected by the firewall) after being: 
passed through a classifying element (which may need to decrypt 
the IPsec layer of the encaryption as part of the key exchange ^ 
as noted by Applicant) , as doing so would ensure that the actual 
data that one wishes to transmit (as opposed to the 
authentication information needed to pass the firewall) is not 
subject to eavesdropping by a third party node on the network" 
(emphasis added) , Thus, the rejection correctly states that the 
classifying element decrypts IPsec traffic, which means that 
loannidis does not teach a decrypting forwarding element, 
separate from the classifying element, to decrypt IPsec traffic. 

In addition, the fact that SSH is an end-to-end encrypted 
communication is irrelevant to the contention. Even if 
loannidis were to teach decrypting SSH (and loannidis does not) 
at the local host, it still would not teach the limitation of 
claim 1. In contrast to this allegation, claim 1 recites ^if 
said classification parameter is not available, and the IPsec 
traffic is encrypted then decrypting traffic in a decrypting 
forwarding element separate from the first classifying 
forwarding element after said traffic has passed through said 
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classifying forwarding element.-" Therefore, IPsec traffic, and 
not SSH, must be decrypted in a separate decrypting forwarding 
element. SSH is not part of the IPsec traffic since loannidia 
teaches distributing KeyNote credentials and not SSH using IPsec 
traffic (page 191, 1^^ full paragraph and similarly on page 196, 
section 4,4) . But even if SSH were a part of IPsec traffic (and 
clearly it is not) , IPsec traffic must be decrypted first in 
the classifying forwarding element , as correctly Identified by 
the Examiner, before the local host can even access the SSH 
port - 

Therefore, the reasoning provided in the advisozry action 
further supports applicant's argument that the claims are 
patentable over the proposed combination of Minear and 
loannidis . 

The Rejections under 35 U.S.C. 103(a) 

Claims 1-15 and 17-26 stand rejected under 35 U,S.C. 103(a) 
based on the proposed combination of Minear and loannidis. 

Claim 1 

Claim 1 is patentable over the proposed combination of 
Minear and loannidis at least because the office action fails to 
present a prima facie case of unpatentability. 
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According to MPEP 2142, 

^To establish a prima facie case of obviousness, three 
basic criteria must be met. First, there must be some 
suggestion or motivation, either in the references 
themselves or in the knowledge generally available to one 
of ordinary skill in the art, to modify the reference or to 
combine reference teachings • Second, there must be a 
reasonable expectation of success. Finally, the prior art 
reference (or references when combined) must teach or 
suggest all the claim limitations . The teaching or 
suggestion to make the claimed combination and the 
reasonable expectation of success must both be fo\ind in the 
prior art, and not based on applicant's disclosure . In re 
Vaeck, 947 P. 2d 488, 20 USPQ2d 1439 (Fed. Cir, 1991). See 
MPEP § 2143 - § 2143.03 for decisions pertinent to each of 
these criteria. 

The initial burden is on the examiner to provide some 
suggestion of the desirability of doing what the inventor 
has done, "To support the conclusion that the claimed 
invention is directed to obvious subject matter, either the 
references must expressly or impliedly suggest the claimed 
invention or the examiner must present a convincing line of 
reasoning as to why the artisan would have found the 
claimed invention to have been obvious in light of the 
teachings of the references." Ex parte Clapp, 227 USPQ 972, 
973 (Bd, Pat. App. & Inter. 1985). See MPEP § 2144 - 
§ 2144.09 for examples of reasoning supporting obviousness 
rejections. 

Minear and loannidis, in the suggested combination, does 
not teach each and every limitation of claim 1. 



Claim 1 recites: 

^^if said classification parameter is not 
available r and the IPsec traffic is 
encrypted then decrypting traffic in a 
decrypting forwarding element separate from 
the first classifying forwarding element 
after said traffic has passed through said 
classifying forwarding element, and 
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determining the claasif ioation paraniater for 
the IPsec traffic." (emphasis added). 

in contrast, Minear teaches a firewall, which both 
classifies the packet and decrypts the packet. The rejection 
correctly identifies that «Minear does not disclose that the 
decrypting forwarding element is separate from the classifying 

^ -4-» 1 2"* ^ lines 1-3) . loannidis reference 

forward element" (page 3, ^ i/ -!->-"==• 

is then relied upon to allegedly teach the limitation. 

Applicant respectfully traverses. In contrast to the 

present application, loannidis teaches implementing a 

distributed firewall, which requires three distinct components. 

«To implement a distributed firewall, we 
need a security policy language that can 
describe which connection are acceptable, an 
authentication mechanism, and a policy 
distribution scheme. As a policy 
specification language, we use the KeyNote 
trust -management system... As an 
authentication mechanism, we decided to use 
IPsec for traffic protection and user/host 
authentication." (pg. 192, col. 1, 3 1-4 
line 2> . 



tb 



Thus, KeyNote trust -management system does not replace IPsec for 

traffic protection and user/host authentication, but is 

implemented in addition to IPsec authentication. 

«Our prototype implementation uses the 
KeyNote trust -management system, which 
provides a single, extensible language for 
expressing policies and credential_We also 
make use of the IPsec stack in the OpenBSD 
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ayacetn to authenticate users, protect 
traffic, and distribute credentials. The 
distribution of credentials and user 
authentication occvirs are part of the 
Internet Key Exchange (11^) [12] 
negotiation." (pg. 191, 2«» col., 1 full 1, 
lines 1-9) . 

in fact, loannidis explicitly teaches passing the KeyNote 
credential as a part of the 1KB exchange while establishing a 
connection over iPsec Therefore, the encrypted traffic muat be 
both classified and decrypted before the KeyNote credential can 
be forwarded to the local host- 

"In case of a connection coming in over 
IPsec, the remote user or host will have 
established an IPsec Security Aesociatxon 
with the local host using IKE. Aa part of 
the IKE exchange, a KeyNote credential as 
shown in Figure 9 is provided to the local 
host." (emphasis added Ipg. 196, 1 col., 
last H) ) . 

Thus, the office action incorrectly represents loannidis as 
teaching «a distributed firewall system in which classifying and 
decrypting/processing are separate elements- (see Figure 1, and 
also page 193, column 1, 2^^ and 3^^ paragraphs)," (pg. 3, lines 
7-8). While the Examiner's intent is not clear, the office 
action appears to suggest that "KeyNote" and "Verifier" 
represent the "classifying forward element" and the Mecrypting 
forward element, ^^ p^^^t.. from the first clasnifying forwarding 
element" (emphasis added) . However, nowhere in the reference 
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does loannidis teach that KeyNote checks for ''claesif ication 
parameters*' or '^decrypts" IPsec traffic as recited in claim 1, 
In fact, loannidis is silent as to the method by which IPsec 
authenticates users, protects traffic, and distributes 
credentials before providing the KeyNote credential to the local 
host- Therefore, the referenced portions or any other portions 
of loannidis do not teach or suggest using two separate elements 
to classify and decrypt IPsec traffic. 

In addition, the proposed combination of Minear and 
loannidis fails to teach ^providing the classification parameter 
to the first classifying forwarding element" as recited in claim 
1. Minear teaches a firewall with a single element for 
classifying and decrypting IPsec traffic, as correctly 
identified by the Examiner, Since Minear does not teach the 
decrypting foin^^arding element separate from the first 
classifying forward element, Minear lacks the ^first classifying 
foinvarding element" to which the classification parameter is to 
be provided. 

The addition of loannidis does not alleviate the deficiency 
of Minear. The office action alleges that *^the classification 
parameter is passed to the first classifying element (see Figure 
1, and also page 193, column 1, 2*^* and 3"^** paragraphs)". Again, 
the Examiner's intent is unclear, but the office action seems to 
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suggest that returning the ^results" of the KeyNote ev^luator to 
applications (Figure 1 and Pg. 193, l« paragraph) allegedly is 
"providing the classification parameter to the first classifying 
forwarding element" . However, the portions of loannidis 
reference cited in the office action only teach the KeyNote 
trust-management eyeten.. which does not inipact the method of 
classifying and decrypting IPsec traffic As stated above, the 
encrypted IPsec traffic, which includaB the KeyNote credential, 
must be classified and decrypted ^efore the KeyNote credential 
can be forwarded to the KeyNote evaluat or. Furthermore, KeyNote 
credential is not a IPsec classification parameter as recited in 
claim 1. According to loannidis, KeyNote -policy and 
credentials contain predicates that describe the trusted actions 
permitted by the holders of specific public keys (otherwise 
known as principles) " . 

loannidis at best is silent to the method of claseifying 
and decrypting IPsec traffic. As such, there is no factual 
evidence present anywhere in the teachings of loannidis to 
suggest that loannidis teaches using two separate elements to 
classify and encrypt IPsec traffic or that classification 
parameter is provided to the first classification forwarding 
element . 
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For at least these reasons, Minear and loannidia. in the 
suggested oombination, do not teach each and every limitation of 

claim 1- 

independent of addressing each and every limitation of the 
claim, the office action fails to establish a prima facie case 
of obviousness by failing to provide factual evidence to suggest 
, reasonable expectation of success when combining Minear and 
loannidis. First, the proposed coipbination lacks at least the 
"Classifying forward element" and the "decrypting forward 
element, ^^ p^rate from rlir f1-— ^i^^^^fylna forwarding 
element" . Second, the proposed combination of Minear and 
loannidis is directed to applying the KeyNote trust -management 
system, which is unrelated to the method of classifying and 
decrypting IPsec traffic as recited in claim 1. Therefore, 
there is no reasonable expectation of success because any 
combination of Minear and loannidis would result in something 
other than the claimed subject matter of the present 
application. 

Finally, the office action fails to establish a prima facie 
case of obviousness by failing to provide factual evidence to 
suggest a desirability to combine the teachings of Minear and 
loannidis to produce the method of claim i. The office action 
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alleges that the combination of Minear and loannidis ia obvious 
for the following reasons 

•'It would have been obvious to use a 
distributed firewall arrangement, euch as 
that disclosed by loannidis, in the 
invention disclosed by Minear. The 
motivation for doing so would be to rectify 
a number of drawbacks typical of sta^ard 
firewalls (enumerated on page 190, 2 column 
through page 191, l'" column) 

However, the above reasoning to combine Minear and 
loannidis is improper because it does not address the claimed 
subject matter of the present application. The proposed 
combination extends Minear and loannidis in an unrealistic way, 
for which the references do not provide motivation. In fact the 
references teach away from this proposed extension. If the 
teachings of Minear could be modified to implement the 
distributed firewall of loannidis, only the KeyNote trust- 
management system would be provided to decentralize policy 
assertion without addressing IPaee traffic. 

In contrast, the applicant recites classifying and 
decrypting IPaec traffic using two separate elements, which must 
be performed upstream of the KeyNote trust -management system. 
The proposed combination of Minear and loannidis fails to result 
in using two separate elements to classify and decrypt IPsec 
traffic, and consequently fails to teach or suggest the method 
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of claim l. For example, without having the two separate 
elements, there is no '^first classifying forwarding element" to 
which the '^claaaification parameter* is provided. Thus, there 
is no motivation to combine Minear and loannidis because the 
proposed combination rules out the claimed subject matter of the 
present application. 

For at least these additional reasons, claim 1 is 
patentable over the combination of Minear and loannidis. 

Claims 2-5 

Claims 2-5 depend from claim 1, and are therefore 
patentable over the proposed combination of Minear and loannidis 
for at least the same reasons as stated above with respect to 
claim 1. 

Claims 6-10 

Claim 6 includes features similar to those discussed above 
with respect to claim 1, and is therefore patentable over the 
proposed combination of Minear and loannidis for at least the 
same reasons as stated above with respect to claim 1. Claims 7- 
10 depend from claim 6, and are therefore patentable for at 
least the same reasons. 

Claims 11-15 and 17-26 

Claim 11 includes features similar to those discussed above 
with respect to claim 1, and is therefore patentable over the 
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proposed combination of Minear and loannidis for at least the 
same reasons. Claims 12-15 and 17-26 depend from claim 11, and 
are therefore patentable over the proposed combination of Minear 
and loannidis for at least the same reasons. 
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CONCLUSION 

It ie believed that all of the pending claims have been 
addressed in this paper. However, failure to address a specific 
rejection, issue, or coniment, does not signify agreement with or 
concession of that rejection, issue or comment. In addition, 
because the arguments made above are not intended to be 
exhaustive, there may be reasons for patentability of any or all 
pending claims (or other claims) that have not been expressed* 
Finally, nothing in this paper should be construed as an intent 
to concede any issue with regard to any claim, except as 
specifically stated in this paper, and the amendment of any 
claim does not necessarily signify concession of unpatentability 
of the claim prior to its amendment. 
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Claims 1-15 and 17-26 are in condition for allowance, and a 
notice to that effect is respectfully solicited- If the Examiner 
has any questions regarding this response r the Examiner is 
invited to telephone the undersigned at (flSS) €78-4311. 

No fee is believed to be due. Please apply any other 
charges or credits to deposit account 06-1050. 



Fish & Richardson P.C. 
Customer Number: 20985 
12390 El Camino Real 
San Diego, California 92130 
Telephone: (858) 678-5070 
Facsimile; (858) 678-5099 

3.0536906. doc 



Date; 



August 4, 2005 




Scott C. Harris 
Reg. No. 32,030 

Attorney for Intel Corporation 



Respect f<yLly submitted ^ 
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